Skip to main content
CVE-2026-44181 CRITICAL PATCH GHSA Act Now

Remote code execution in Jupyter Enterprise Gateway (fixed in v3.3.0) is possible because attacker-supplied KERNEL_XXX environment variables (e.g. KERNEL_POD_NAME, KERNEL_WORKING_DIR) sent to the /api/kernels endpoint are rendered through Jinja2 when building the Kubernetes pod manifest, enabling Server-Side Template Injection. Any client able to reach the gateway API can inject Jinja2 expressions to execute Python and OS commands inside the Enterprise Gateway pod, then steal its Kubernetes service account token to read secrets and schedule privileged/hostPath pods, escalating to full cluster compromise. Publicly available exploit code exists (working curl PoCs in the advisory); the flaw is not listed in CISA KEV and EPSS is low at 0.86%.

Kubernetes Python Ssti RCE
NVD GitHub
CVSS 4.0
10.0
EPSS
0.9%
CVE-2026-44182 CRITICAL PATCH GHSA Act Now

Privilege escalation and arbitrary Kubernetes resource creation in Jupyter Enterprise Gateway allows attackers to inject YAML into kernel pod manifests via untrusted KERNEL_* environment variables submitted to the /api/kernels endpoint. Because these values are interpolated into a Jinja2 pod template without YAML-aware escaping, an attacker can clobber the pod securityContext to run kernels as root or use multi-document YAML boundaries (--- / ...) to spin up additional privileged pods, ultimately enabling container escape and full cluster compromise. Publicly available exploit code exists (detailed PoC in the vendor advisory), though EPSS is low (0.06%) and it is not listed in CISA KEV.

Kubernetes Nginx RCE
NVD GitHub
CVSS 4.0
10.0
EPSS
0.1%
CVE-2026-41283 CRITICAL PATCH GHSA Act Now

Remote code execution in OpenStack Mistral through version 22.0.0 allows authenticated attackers with low privileges to execute arbitrary code via exposed API endpoints, leading to exfiltration of service credentials and full compromise of the workflow service. The CVSS 9.9 score reflects scope change (S:C) meaning impact extends beyond Mistral itself into other OpenStack components whose credentials it holds. There is no public exploit identified at time of analysis, but the vulnerability is tagged as Authentication Bypass and RCE, and disclosure occurred via oss-security with vendor coordination.

RCE Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.2%
CVE-2026-36576 CRITICAL Act Now

Remote command execution in openlabs docker-wkhtmltopdf-aas (up to commit 9f50579) allows unauthenticated attackers to run arbitrary OS commands by sending a crafted POST request to the app.py PDF conversion endpoint. The CVSS 9.8 rating reflects network-reachable, no-privilege, no-interaction exploitation, and while no public exploit identified at time of analysis, the referenced source line (app.py#L40) makes the injection sink trivially discoverable for any attacker reviewing the repository.

Docker Command Injection
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2026-44180 CRITICAL PATCH GHSA Act Now

Privilege bypass in Jupyter Enterprise Gateway versions 2.0.0rc1 through 3.2.x allows remote unauthenticated attackers to launch Jupyter kernels as root (UID/GID 0) by appending whitespace to the KERNEL_UID or KERNEL_GID values, bypassing the EG_PROHIBITED_UIDS/GIDS protection. The flaw chains with Kubernetes hostPath volume mounts to enable container escape and worker-node compromise, with publicly available exploit code (PoC) documented in the GHSA advisory; no public exploitation identified at time of analysis.

Kubernetes RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-47065 CRITICAL PATCH GHSA Act Now

Unsafe Java deserialization in Apache MINA's ObjectSerializationDecoder allows remote unauthenticated attackers to bypass the acceptMatchers class allow-list and achieve arbitrary code execution. Two distinct flaws are addressed: a TC_PROXYCLASSDESC handling gap where resolveProxyClass is not overridden (permitting java.lang.reflect.Proxy instantiation outside the allow-list), and a Class.forName invocation in readClassDescriptor that triggers static initializers of allow-listed classes before any instance check. No public exploit identified at time of analysis, but the CVSS 9.8 rating and well-known deserialization attack patterns make this a high-priority issue for any application exposing MINA's object serialization codec.

Deserialization Apache Mina
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-5241 CRITICAL PATCH GHSA Act Now

Remote code execution in Hugging Face Transformers 5.2.0 allows a malicious model repository to bypass the user's explicit trust_remote_code=False safeguard when loading a LightGlue model via AutoModel.from_pretrained(). The LightGlueConfig deserializes the trust_remote_code flag from the untrusted config.json and propagates the attacker-controlled value into a nested AutoConfig.from_pretrained() call, enabling execution of arbitrary attacker-supplied Python during model initialization. Rated CVSS 9.6 (AV:N/AC:L/PR:N/UI:R) with publicly available exploit code exists via the Huntr disclosure, though EPSS is currently 0.07% (22th percentile) and the CVE is not on CISA KEV.

RCE Python Transformers
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-35075 CRITICAL Act Now

Credential disclosure in MBS industrial protocol gateways (Single-A, Double-A, Single-X, and Double-X product families) allows remote unauthenticated attackers to extract a hard-coded default password embedded in the firmware image and use it to obtain full administrative control of any affected device. With a CVSS 4.0 score of 9.3 and the vulnerability reported through CERT@VDE under advisory VDE-2026-039, the issue is severe because the recovered credential is shared across the device line, but at the time of analysis there is no public exploit identified and the vulnerability is not listed in CISA KEV.

Information Disclosure Single A Double A Profibus Double A X Link Single X +14
NVD
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-46266 CRITICAL PATCH Act Now

Remote manipulation of the Linux kernel's IPv4 routing cache is possible through RAW sockets bound to IPPROTO_RAW (protocol 255), where a malicious incoming ICMP packet whose inner header advertises protocol 255 will be matched to the socket and trigger FNHE (Forwarding Next Hop Exception) cache changes. The flaw affects Linux systems where a process has opened a RAW socket on protocol 255, and remote attackers can use crafted ICMP fragmentation-needed messages to influence routing decisions. No public exploit identified at time of analysis and EPSS probability is very low (0.02%), but the CVSS 9.1 reflects high integrity and availability impact via unauthenticated network reachability.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-46244 CRITICAL PATCH Act Now

Firewall bypass in the Linux kernel's netfilter nft_inner module (versions 6.2 and later) allows remote attackers to forge transport headers in tunneled IPv6 packets due to a desynchronization between the computed inner transport header offset and the parsed L4 protocol. The flaw enables crafted IPv6 packets carrying extension headers to evade nftables inner-payload matching rules, with no public exploit identified at time of analysis and an EPSS score of 0.02% indicating negligible observed exploitation activity.

Authentication Bypass Linux Memory Corruption
NVD VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-36748 CRITICAL Act Now

Stored cross-site scripting in RockRMS versions 16.13 and earlier through 17.7.0 allows authenticated attackers to inject malicious JavaScript via the Social Media links field in user profiles, leading to privilege escalation when administrators view the profile. According to the Raxis disclosure referenced in this CVE, the flaw enables session hijacking and account takeover of higher-privileged users. There is no public exploit identified at time of analysis, but a detailed technical write-up is publicly available describing the attack path.

XSS N A
NVD VulDB
CVSS 3.1
9.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy